Researchers say they have devised a way to carry out stealthy drive-by exploits even when victims are using recent versions of Internet Explorer with a feature known as Protected Mode.

The attack, described in a paper released by Verizon Business, requires the attacker to have an exploit for a vulnerability that's not currently patched. It works only against machines that have the Local Intranet Zone enabled, as is the default for domain-joined workstations.

A PDF of the paper is here:http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf